package chapter14.web;

import java.util.*;

import chapter14.core.*;

import chapter14.domain.*;

import chapter14.manager.*;


public abstract class SecurityAction<T> extends DirectAction<T> {
    protected boolean check(String securityName) {
        User user = (User) this.getSessionValue("user");
        MenuManager menuManager = (MenuManager) this.getApplicationContext()
                                                    .getBean("menuManager");
        String hql = "select m.url from Menu m inner join m.roles r inner join r.users u where u=?";
        List<String> menus = (List<String>) menuManager.find(hql, user);

        return menus.contains(securityName);
    }

    protected Result failure() {
        return new Result(false, "Access Denied");
    }
}
